Claims

1. A method for maintaining a secure tunnel in a packet-based
communication system, the method comprising the steps of:

- establishing a secure tunnel between a security gateway and a
mobile terminal being located at a first address in a first network, wherein the
security gateway connects the first network to a second network and the
mobile terminal has a second address that identifies the mobile terminal in the
second network;

- in the security gateway, identifying the secure tunnel based on the
second address in packets destined for the mobile terminal from the second
network;

- detecting a change in the first address of the mobile terminal;

- in response to the detecting step, sending an update message to the
security gateway, wherein the update message includes a new address value
of the first address; and

- based on the update message, updating the first address associated
with the secure tunnel.

2. A method according to claim 1, wherein the first network is a public
packet network and the second network is a private packet network.

3. A method according to claim 1, wherein the update message is a
normal data message to be transmitted to the security gateway when the
change is detected.

4. A method according to claim 1, wherein the sending step includes
creating a dummy packet and sending it as the update message to the security
gateway.

5. A method according to claim 1, wherein the sending step includes
creating an update message including a NAT-D payload for detecting a
network address translation device between the mobile terminal and the
security gateway.

6. A mobile terminal for a packet-based communication system, the
mobile terminal comprising:

- tunnel establishment means for establishing a secure tunnel to a
security gateway through a packet network; wherein the security gateway is
configured to connect a first network to a second network and the mobile
terminal has a first address that depends on its current location in the first
network and a second address that identifies the mobile terminal in the second
network; and

- address update means for sending an update message through said
secure tunnel to the security gateway when the first address changes, wherein
the update message includes a new address value of the first address.

7. A mobile terminal according to claim 6, wherein the address update
means are configured to create a dummy packet if there is no data to be sent
through the secure tunnel when the first address changes.

8. A mobile terminal according to claim 6, wherein the address update
means are configured to create an update message including a NAT-D
payload for detecting a network address translation device between the mobile
terminal and the security gateway.

9. A security gateway for a packet-based communication system, the
security gateway comprising:

- tunnel establishment means for establishing a secure tunnel to a
mobile terminal located at a first address in a first network, wherein the security
gateway is configured to connect the first network to a second network and the
mobile terminal has a second address that identifies the mobile terminal in the
second network;

- identification means for identifying the secure tunnel based on the
second address in a packet originated from the second network and destined
for the mobile terminal; and

- address update means for updating the first address associated with
the secure tunnel, the address update means being responsive to a message
received from the mobile terminal, the message including a new value of the
first address.

10. A system for maintaining a secure tunnel in a packet-based
communication system, the system comprising:

- tunnel establishment means for establishing a secure tunnel
between a security gateway and a mobile terminal being located at a first
address in a first network, wherein the security gateway is configured to
connect the first network to a second network and the mobile terminal has a
second address that identifies the mobile terminal in the second network;

- detection means for detecting a change in the first address;

- first address update means, responsive to the detection means, for
sending an update message to the security gateway, wherein the update
message includes a new address value of the first address;

- in the security gateway, second address update means for updating
the first address associated with the secure tunnel in response to the update
message; and

- in the security gateway, identification means for identifying the
secure tunnel based on the second address in a packet originated from the
second network and destined for the mobile terminal.

11. A computer useable medium having computer readable program
code embodied therein to enable a mobile terminal to communicate with a
security gateway in a packet-based communication system, the computer
readable program code comprising:

- computer readable program code for causing the mobile terminal to
establish a secure tunnel to a security gateway through a packet network;
wherein the security gateway is configured to connect a first network to a
second network and the mobile terminal has a first address that depends on its
current location in the first network and a second address that identifies the
mobile terminal in the second network; and

- computer readable program code for causing the mobile terminal to
send an update message through said secure tunnel to the security gateway
when the first address changes, wherein the update message includes a new
address value of the first address.

12. A computer useable medium having computer readable program
code embodied therein to enable a mobile terminal to communicate with a
security gateway in a packet-based communication system, the security
gateway being configured to connect a first network to a second network, the
computer readable program code comprising:

- computer readable program code for causing the mobile terminal to
send an update message through a secure tunnel to the security gateway
when a first address that depends on the mobile terminal's current location in
the first network changes, wherein the update message includes a new
address value of the first address.
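
The following is an added illustration, not part of the patent text, of the gateway behaviour recited in claims 1 and 9: the tunnel is looked up by the second (inner) address, and the first (outer) address is changed only by an update that verifies under the tunnel's key. The message layout, the HMAC and sequence counter, and all names are assumptions; a plain address field stands in for the NAT-D payload of claims 5 and 8.

```python
import hashlib, hmac, ipaddress, struct

def make_update(key, inner, seq, local_outer):
    """Terminal side: inner addr | sequence | locally seen outer addr | HMAC tag."""
    body = (ipaddress.IPv4Address(inner).packed + struct.pack("!I", seq)
            + ipaddress.IPv4Address(local_outer).packed)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Gateway:
    def __init__(self):
        self.tunnels = {}  # second (inner) address -> tunnel state

    def establish(self, inner, outer, key):
        self.tunnels[inner] = {"key": key, "outer": outer, "seq": 0, "nat": False}

    def route(self, dst_inner):
        """Packet from the second network: select the tunnel by inner destination."""
        t = self.tunnels.get(dst_inner)
        return t["outer"] if t else None

    def handle_update(self, observed_src, msg):
        """Apply an update only if it authenticates and is newer than the last one."""
        if len(msg) != 12 + 32:
            return False
        body, tag = msg[:12], msg[12:]
        inner = str(ipaddress.IPv4Address(body[:4]))
        seq = struct.unpack("!I", body[4:8])[0]
        claimed = str(ipaddress.IPv4Address(body[8:12]))
        t = self.tunnels.get(inner)
        if t is None:
            return False
        expected = hmac.new(t["key"], body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False  # forged or corrupted: keep the old first address
        if seq <= t["seq"]:
            return False  # replay of an earlier update
        # Mismatch between claimed and observed source implies a NAT on the path.
        t.update(seq=seq, outer=observed_src, nat=(claimed != observed_src))
        return True

def demo():
    key = b"constructed-demo-key"  # constructed sample values throughout
    gw = Gateway()
    gw.establish("10.0.0.5", "198.51.100.7", key)
    ok = gw.handle_update("203.0.113.9", make_update(key, "10.0.0.5", 1, "192.168.1.20"))
    forged = gw.handle_update("192.0.2.66", make_update(b"wrong", "10.0.0.5", 2, "192.0.2.66"))
    replay = gw.handle_update("198.51.100.7", make_update(key, "10.0.0.5", 1, "198.51.100.7"))
    return ok, forged, replay, gw.route("10.0.0.5"), gw.tunnels["10.0.0.5"]["nat"]
```

Without the authentication and freshness checks, any host able to send a packet to the gateway could redirect a terminal's traffic by naming a new first address.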




